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I T COULD put the government out of the business of entire new field of “public cryptography,” which has ex- ; 

eavesdropping on other nations’ messages. It could pro- cited several major corporations and apparently has put the 

tect business trade secrets from computer crimes — or government’s supersecret code agency, the National Secu- 
rity Agency, on edge. • . ‘ 

Throughout most of history, codes have been the near-ex- j 
elusive province of governments and their military and in- 
telligence organizations. In part this is because transmitting 
coded messages on a large scale has required money and or- j 
ganization, including the ability to run private couriers • 
among the communicators to distribute the code keys. \ v . i 
This is necessary because, in conventional codes, the pro- { 
cess of turning letters into numbers is the exact reverse of 
decoding the message. Experts, say that today’s encryption 



guarantee organized crime that its records could never be 
read by investigators. It could ultimately assure citizens that 
no government or private agency could tap their phones. 

These are a few of the far-reaching consequences which 
could flow from some new notions about numbers being de- 
veloped by a group of young university scientists. These 
mathematicians may be on their way to fulfilling one of 
man’s oldest dreams — break-proof codes — and leaving the 
world a more private place in the process. 

It probably will be 5 to 10 years before these ideas become _ 



consumer reality, and the scientists caution that more work is done with a pocket-sized cipher machine, into which the 
is needed to prove out the break-proof codes. Nonetheless, user plugs an IBM card or computer chip that programs the j 

the progress made so far promises to become the basis of an machine to perform the code operations. Since knowledge * 

of the encoding key is tantamount to knowing how to break 

• the code, the security of such codes obviously depends on 

the security of the keys. 



Shapley is a staff writer for Science magazine . 



See CODES, Page B3 
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By Michael Crawford for The Washington Post 
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CODES, From Page B1 
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If a fleet of battleships uses the same code, for instance, 
the system can be compromised by enemy ransack of a cap- 
tured ship or rifling through the clothes of a dead sailor 
washed ashore. And nations have sometimes engaged in 
chess-like gamesmanship to prevent the other side from 
knowing its code has been broken. In the North Africa cam- 
paign of World War n, for example, when the British cap- 
tured a houseboat on the Nile that proved to be a German 
military command station, complete with codebook and 
radio set, they continued relaying and encoding the Ger- 
mans' messages to make them think nothing had happened 
But in the new class of “public” codes, the decode key is 
not the exact reverse of the encode key. Thus the encipher- 
ing keys can be widely distributed without fear of compro- 
mising the code. This makes possible a wide range of 
cheaper, large-scale, commercial transactions. 

The “Trap Door” 

W HY IS THIS possible? Encryption is basically mathe- 
matics. To encode a message, letters, punctuation 
marks and spaces are transformed into numbers by simple 
substitutions, such as A=01, B=02. Then a mathematical op- 
eration turns these into another string of numbers, which is 
then transmitted — and would appear sheer garble to any- 
one intercepting the message. 

The experts say that in modern military and diplomatic 
codes, the encoding process is usually some form of algebra: 
The encoding key turns x into y and the decoding key per- 
forms the simple reverse, turning y back into x. 

But public key cryptosystems are based on a unique 
branch of mathematical problems which the availability of 
high-speed computing equipment is only now making it 
possible to study. In these problems, while it is easy to turn 
x into y, it is very difficult to go backwards from y and cal- 
culate x. These are called “trap door” problems because 
only those who know the decoding formula can reverse the 
original process. 

Thus a key that encodes a message, based on the first 
simple calculation, can be freely distributed without fear 
that the code will be understood Only the person with the 
secret decoding key could ever learn the message's content. 

All this was suggested in a paper published in 1975 by two 
Stanford scientists, Whitfield Diffie and Martin Heilman. 
Later, a young professor of computer science at MIT, Ron- 
ald Rivest, extended these ideas into a specific code scheme, 
for which he is seeking a patents . : 

Rivest’s scheme, which appears highly secure, is based on 
the fact that in advanced mathematics, it is easy to find 
large, 100-digit prime numbers and multiply them together 
into an even longer, 200-digit numbers. But even with the 
most advanced computers, it is extremely difficult — know- 
ing only the very long product of two such numbers — to go 
backwards and find the two prime numbers themselves. Ac- 
cording to Rivest, computer trial-and-error attempts to dis- 
cover the two prime factors of a 200-digit number would re- 
quire 3.8 billion years of computer time. 

Rivest proposed that a public code system could enable an 
entire network of people to communicate with each other 
securely. In a network, each user would have a secret decod- 
ing key, corresponding to a public encoding key that would 
be distributed to all the other users and perhaps published 
in a directory. Each user would have all the others' public 
keys and therefore be able to send messages to each of 
them. But only the individual recipient could decipher a 
message. 

Moreover, he suggested a way of double-coding each mes- 
sage so the recipient could be certain who sent it In this 
elaboration, the sender would first encode the message with 








his unique, secret key, and then code it a second time with 
the listed public key of the person the message is being sent 
to. • 

The recipient would first apply his secret decoding key to 
the message, and then decode it again with the public key of 
the person who sent it. The message that pops out then 
could only have come from the person with the exclusive 
decode key. 

One clear advantage of this “signature” system is that the 
loss of a single decode key would compromise only one link 
in the network and not the entire system, as can happen in 
conventional cryptography. 

In a technical memorandum, Rivest also envisioned put- 
ting these capabilities into small-scale devices that could be 
added to data or communications systems. He wrote, “An 
electronic checking system could be based on a signature 
system such as the above. It is easy to imagine an encryption 
device in your home terminal allowing you to sign checks 
that got sent by electronic mail to the payee ... 

“Another possibility arises if encryption devices can be 
made fast enough; it will be possible to have a telephone 
conversation in which every word spoken is signed by the 
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office estimates that there have been some 7,000 requests 
for it Copies were sent on request to oil companies (Exxon, 
Mobil, Shell, Atlantic Richfield), information companies 
(Data General Corp., IBM, Bell laboratories), and foreigners 
(from Norway, Sweden, West Germany, Brazil and some 
Asian countries). And when Heilman, Rivest and their co- 
workers gave talks on the new cryptography at a session 
sponsored by their professional society, the Institute for 
Electrical and Electronics Engineers at Cornell University, 
last fall, the jam-packed room included IEEE members from 
many American firms and from the Soviet Union, Hungary, 
and Taiwan. 

There is little question that all this interest in public key 
cryptosystems has made the NSA jittery. It is an open ques- 
tion whether this government agency, which is primarily 
devoted to listening in on the communications and signals 
— coded and uncoded — of other civilian and military or- 
ganizations around the world can peacefully coexist with 
this growing civilian field. 

Typical of an agency that does not ever! list itself in the 
Pentagon telephone directory, the NSA declines to com- 
ment on public cryptography. But an investigator for the 
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Like other scientific breakthroughs, public key cryp tosystems may 
prove a two*edged sword* While bringing great benefits to some , it 
could hinder other activities, including ( J.S. conduct of foreign policy. 
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encryption device before transmission,” he wrote. In other 
words, since the telephone system already turns voices into 
signals, an added device could code and decode these sig- 
nals at the press of a button, making the conversation se- 
cure. 

Not only academic scientists feel there will be a need for 
these new systems. Says Fred Weingarten, a National Sci- 
ence Foundation official who helps fund the scientists, 
“There is certainly going to be a lot of civilian cryptogra- 
phy. When we start doing our banking electronically and 
have electronic mail and firms are shipping data over wires. 
I would think it is going to be routine that all data communi- 
cation will be encrypted in a few years. It’s a natural devel- 
opment of the use of computers.” 

N. Bruce Hannay, vice president for research and patents 
of Bell Laboratories, which has pioneered in many other 
communications revolutions, adds, “People are getting 
more sophisticated in electronics. Look at today’s students, 
who know all sorts of electronics technology. Out of that 
population there will be a small but increasing number who 
will be willing to use that knowledge in ways that are illegal. 
Companies in the information business, whether computer 
companies or communications companies like us, are going 
to have to be concerned about it” Hannay says several of 
his scientists, too, are doing research on encryption systems. 

A Jittery NSA 

P ERHAPS THE best evidence of the growing interest in 

public cryptography is the fact that Rivest’s technical 
memorandum describing his scheme has been a sellout: His 



Senate Intelligence Committee who has kept track of these 
developments and who has talked with NSA officials com- 
ments, “They recognize the great commercial value of these 
developments, and they realize they have neither the ability 
nor the legal authority to police it and stop it All they 
would like is some clear authority, so that if something 
comes out of the universities that really does threaten na- 
tional security, they could move in on it” 

NSA clearly is interested in adapting public key crypto- 
systems for its own uses. Through a Princeton, NJ., subsidi- 
ary at the Institute for Defense Analyses, NSA is sponsoring 
a technical meeting this summer to which mathemati cians 
from around the country have been invited. One purpose of 
the meeting, according to these scientists, is to see if the 
Rivest system is as secure as it is said to be. 

Besides national security uses, a question has been raised 
about whether the NSA has a stake in keeping new, civilian 
codes less than completely secure so that it can break in on 
encrypted traffic at will. Stanford’s Heilman made such a 
charge last year. When the National Bureau of Standards 
sought scientific comments on a conventional encryption 
system developed by IBM for government unclassified and 
commercial use, the key of “bits” (Os and Is) had been shor- 
tened by half and one mathematical operation in it, called 
the “S-Box structure,” was kept secret 
Heilman and others charged that with the shorter key 
size, advanced computers could crack the code more easily, 

and that" the S-box structure might have been withheld be- 
cause it contained a shortcut whereby a knowledgable in- 
truder could break in on the code. 



* . 






The Senate Intelligence Committee, investigating the in- 
dent, confirmed that the NSA had persuaded IBMrto 
shorten the key, but it left unanswered why, and whether 
this was to make the IBM code less secure. The NSA had be- 
come involved in the matter because the government, >xas 
considering certifying the encryption system for some gov- 
ernment and commercial use, which it ultimately did. The 
NBS asked NSA’s expert advice, the committee report ex- 
plained. * 

Locking the Barn Door 
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B UT CAN a revolution in cryptography be stopped or 
classified now that its main features have been pub- 
lished and 7,000 copies of Rivest’s memorandum have been 
mailed around the country and the world? 

At one point last fall, an NSA employe named J.A. Meyer 
tried single-handedly to prevent it from happening. In ad- 
vance of the Cornell cryptografihy symposium, Meyer wrote 
to the symposium’s leaders that publication or discussion of 
cryptography could violate federal export control laws. He 
identified himself only as a resident of Bethesda, Md., but 
several publications later confirmed that he was employed 
by the NSA. - • :.»' f 

According to Meyer, export laws require that 
cryptographic devices — as well as advanced computers, 
some machine tools and other things — must have a govdrh- 
ment license to be exported. The regulations also reqdihfe 
that licenses be obtained for export of “technical data,” a 
term that usually refers to operating instructions for equip- 
ment on the export control list. If the scientists’ descriptions . 
of the new code schemes could be construed as “technical 
data” (which Meyer thinks could happen), the scientists, like 
any other exporter, would have to submit their papers to 
the State Department before they could publish them or dis- 
cuss the work in front of foreigners at a meeting. 

Meyer’s threat sent the scientists scurrying to their law- 
yers, but did not stop the symposium or the publication of 
their papers. According to Arthur A. Smith, the MIT general 
counsel who advised Rivest that he could distribute his 
memorandum, the export laws are too murky to clearly pro- 
hibit scholars from the conduct of their activities. V 
“We have a duty to publish and protect the faculty’s right 
to do that,” Smith says. “If someone can show us that there 
is a clear violation if the faculty member publishes, then of 
course we would respect that But if we have to sift through 
a lot of unclear regulations, our doubt would be in favor of 
going ahead and publishing.” j 

NSA’s spokesman at the time, Norman Boardman, denied 
to the press that NSA had any official role in Meyer’s letter. 
This official disavowal seems borne out by events — or the 
lack of them: The scientists who went ahead with their sem- 
inars and publications were not prosecuted or harassed. 

Like other scientific breakthroughs, public key cryptosys- 
tems may prove a two-edged sword. While bringing great 
benefits to some, they could hinder other activities, in< " 
ing U.S. conduct of foreign policy. ■ > 



As Martin Gardner, the mathematics columnist for ~ 
tific American magazine, who in a sense broke the p_ 
cryptography story in the August 1977 issue when he _ 
scribed the Diffie-Hellman “trap door” functions and the 







Rivest scheme, remarked: v . 

All over the world there are clever men and vfonjfcijJ 
some of them geniuses, who have devoted their lives tothS 
mastery of modern cryptanalysis. Since World War n even 
those government and military ciphers . . . have become so 
difficult that the talents of these experts have gradually be- 
come less useful. Now these people are standing on trap- 
doors that are about to spring open and drop them com- 
pletely from sight.” i 



